1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • New Linux malware family evades antivirus detection

    From TechnologyDaily@1337:1/100 to All on Tue Aug 24 12:45:04 2021
    New Linux malware family evades antivirus detection

    Date:
    Tue, 24 Aug 2021 11:23:49 +0000

    Description:
    Modified variants of well-known Linux backdoors avoids detection as researchers focus attention on bigger campaigns.

    FULL STORY ======================================================================

    Cybersecurity researchers have uncovered severalmalicious Linux binaries
    that have successfully managed to sneak past most antivirus products.

    Upon closer inspection, the researchers at AT&T Alien Labs identified these binaries as modified versions of the open source Prism backdoor that has been used in multiple campaigns earlier.

    We have conducted further investigation of the samples and discovered that several campaigns using these malicious executables have managed to remain active and under the radar for more than 3.5 years. The oldest samples Alien Labs can attribute to one of the actors date from the 8th of November, 2017, note the researchers . TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window << Check our roundup of the best Linux distros Here's our choice of the best malware removal software on the market Protect your devices with these best antivirus software

    Calling Prism a simplistic and straightforward backdoor thats easy to detect, the researchers note that the fact the modified binaries have managed to
    evade detection for several years is perhaps a result of the security infrastructure focussing its efforts on bigger campaigns, allowing smaller ones to slip through the gaps. Under the radar

    One of the variants analyzed by the researchers, named WaterDrop, is easily identifiable, but still manages to maintain a near-zero detection score in
    the VirusTotal database. Moreover, WaterDrop communications with its command and control (C2) server over plain-text HTTP.

    Tracking the evolution of the malware , the researchers note that many use
    the same C2 server. While the earlier variants of the malware dont implement any of the common mechanisms malware authors use to avoid being flagged, such as obfuscation, and encryption, the newer variants do, along with a few other modifications.

    The researchers reason that these backdoors fly under the radar since they
    are usually used in smaller campaigns.

    Alien Labs expects the adversaries to remain active and conduct operations with this toolset and infrastructure. We will continue to monitor and report any noteworthy findings, conclude the researchers. These are the best
    endpoint protection tools



    ======================================================================
    Link to news story: https://www.techradar.com/news/new-linux-malware-family-evades-antivirus-detec tion/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)